Cisco ASA 8.4 on GNS3 - Step By Step Guide


Cisco ASA stands for Adaptive Security Appliance.In brief, It is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It can be used as a security solution for both small and large networks. This post is applicable for adding any versions of Cisco ASA 8.2,8.3,8.4 on GNS3.

Before we begin.,Please make sure that you have below items in your machine.

1.Download & Install GNS3
http://www.gns3.net/download

2.Cisco ASA 8.4 ISO image(valid)
http://www.mediafire.com/download.php?ssadit26tl3llms
or
https://rapidshare.com/files/2538881267/asa.zip

Now Let's assume that, you have installed GNS3 on your machine.

Steps to be Followed,

Step 1:- Download the ASA image & Extract them. Copy the extracted image & Paste them to GNS3 Images Directory.

Ex: C:\Users\<user name>\GNS3\images\

Step 2:-  Open GNS3 --> go to edit---> Preferrence ----> QEMU---> QEMU VMs

Step 3:- Click New ---->Select QEMU VM type ---> ASA 8.4(2) ----> Next Button.




                                              
Step 4:-  Give whatever name you want to assign to ASA.




Step 5:- Assign RAM size for the ASA. (>=1024MB)



Step 6:- Browse the Boot ISO files, which we have pasted in GNS3 images Directory.



Step 7 :-  Press Ok, Then Drag Cisco ASA Image to Workspace.

Step 8 :- Right Click ASA image ----> Press Start button.



Step 9:- Go to Console view-->  If everything is perfect, It will start booting. In case any issues, add your comments.  After booting process, it will go to enable prompt of ASA.

Step 10:- Type enable ---> and press enter, in the password prompt. To check the Cisco ASA version & License Information. Type " Show Version" Command.

 

Step 11:- Now ASA is loaded with Default License Key, which has limited features. Issue the following commands, to install the New License Key.

Step 12:- Go to Configure Terminal ---> type "activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6" ---------> Write -----> Reload.



Step 13:- Wait for 15-20 mins roughly, it could take more time. During the reboot, it will take some more time for Key Validation Phase. Wait for some time.

Step 14:- Now Your ASA is ready with the New License Installed.



That's All Guys..!! If you face any issues in the process, do let me know..!!

Share this:

Hey there! I'm Senthil Kumar Murugesan, An Infrastructure engineer with a focus on Cisco Unified Communications and Hacking. Also I’m happy to mention that I’m a Linux junkie, a Cisco proponent, a Tools fanatic and Script lover. This is a blog, a rambling of thoughts, and a result of technical experiments

25 comments

  1. plis, you can upload the asa ios.

    ReplyDelete
    Replies
    1. Sorry for the late response, Still the below link is valid mate,

      http://www.mediafire.com/download.php?ssadit26tl3llms

      Delete
  2. it shows: failed to retrieve permanent activation key

    ReplyDelete
    Replies
    1. after that output:failed to retrieve permanent activation key, Wait for 10-15 mins, @Salim, After that it itself will get activated. Let me know if any issues occurs.

      Delete
  3. But after closing it and opening it again, the key is gone even after saving the config using write command.

    ReplyDelete
  4. Hello every one, where can i get the new dumps for ccnp security free download

    thank

    ReplyDelete
  5. Hi man
    thks for this tuto
    i have a problem here.
    this is what i saw on the first show version

    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited perpetual
    Maximum VLANs : 100 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Disabled perpetual
    VPN-DES : Disabled perpetual
    VPN-3DES-AES : Disabled perpetual
    Security Contexts : 0 perpetual
    GTP/GPRS : Disabled perpetual
    AnyConnect Premium Peers : 5000 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 5000 perpetual
    Total VPN Peers : 0 perpetual
    Shared License : Disabled perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    UC Phone Proxy Sessions : 2 perpetual
    Total UC Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    Intercompany Media Engine : Disabled perpetual


    And the new show version


    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited perpetual
    Maximum VLANs : 100 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Disabled perpetual
    VPN-DES : Disabled perpetual
    VPN-3DES-AES : Disabled perpetual
    Security Contexts : 0 perpetual
    GTP/GPRS : Disabled perpetual
    AnyConnect Premium Peers : 5000 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 5000 perpetual
    Total VPN Peers : 0 perpetual
    Shared License : Disabled perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    UC Phone Proxy Sessions : 2 perpetual
    Total UC Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    Intercompany Media Engine : Disabled perpetual

    This platform has an ASA 5520 VPN Plus license.

    I can see that the VPN FAILOVER or context are same
    can i have your help for this issue.

    ReplyDelete
  6. activation key is not working....................

    ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
    Validating activation key. This may take a few minutes...
    Failed to retrieve permanent activation key.

    massage display.....................help me

    ReplyDelete
  7. ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
    Validating activation key. This may take a few minutes...
    Failed to retrieve permanent activation key.



    i am also getting this, please help

    ReplyDelete
  8. https://gns3.com/qa/how-to-run-asa-on-gns3-running-a

    ReplyDelete
  9. Thanks for the post. Very helpful sir

    ReplyDelete
  10. Is it possible to make this activation permanent ? means to when we started GNS3 ASA it will be activated...

    Please reply.

    ReplyDelete
  11. Hi guys,

    I need some help. After a press the Start/Play button, I am getting the following error message in the console:

    => Server error [-3200] from 127.0.0.1:8000: ASA1: Could not create disk image [Errno 2] No such file or directory: '/usr/local/bin/qemu-img'

    Not sure what this means. I'm on a Macbook with OSX 10.9.5.

    Thanks for the help in advance!!

    ReplyDelete
  12. Activation key working fine. But has to do same every time whenever using ASA

    ReplyDelete
  13. GNS3 management console.
    Running GNS3 version 1.4.6 on Windows (64-bit) with Python 3.4.3 Qt 5.5.1.
    Copyright (c) 2006-2016 GNS3 Technologies.
    Use Help -> GNS3 Doctor to detect common issues.

    => Warning: Warning ASA 8 is not officialy supported by GNS3 and Cisco, we recommend to use ASAv. Depending of your hardware this could not work or you could be limited to one instance.
    Error: QEMU process has stopped, return code: 1
    Start QEMU with 'C:\Program Files\GNS3\qemu-0.11.0\qemu.exe' -name ASA-1 -m 1024M -smp cpus=1 -boot order=c -drive 'file=C:\Users\AZEEZ_PC\GNS3\projects\c63ad4c4-2f83-47a9-a66f-3337c724c129\project-files\qemu\d633cd7c-8343-4072-9fda-65c1e0032e6d\hda_disk.qcow2,if=ide,index=0,media=disk' -initrd 'C:\Users\AZEEZ_PC\GNS3\images\QEMU\asa842-initrd' -kernel 'C:\Users\PAUL\GNS3\images\QEMU\asa842-initrd' -append 'ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt -net nic' -serial telnet:127.0.0.1:2000,server,nowait -monitor tcp:127.0.0.1:54252,server,nowait -net none -net nic,vlan=0,macaddr=00:00:ab:2e:6d:00,model=e1000 -net nic,vlan=1,macaddr=00:00:ab:2e:6d:01,model=e1000 -net nic,vlan=2,macaddr=00:00:ab:2e:6d:02,model=e1000 -net nic,vlan=3,macaddr=00:00:ab:2e:6d:03,model=e1000 -icount auto -hdachs 980,16,32 -vga none -vnc none

    Execution log:

    ReplyDelete
  14. Unknown you need to use qemu-system-i386 as the emulator. You need to edit the configutation of your ASA device to do it.

    ReplyDelete
  15. Thanks, It works fine but after the reload ti asks for Enable password

    ReplyDelete
  16. I am getting Qemu.exe error closed!! .Kindly help me to resolve it.

    ReplyDelete
  17. I am getting error as restarting ASA within 4sec..like this repeating process..

    Please help me to resolve this

    ReplyDelete
  18. Hi
    if you got message like this " ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
    Validating activation key. This may take a few minutes...
    then wait for 15-20 min it is activating it will take some time its working
    Failed to retrieve permanent activation key.